RE: Suggestions

["Rishi Pande" <rpande () vt edu>]

My very basic knowledge of the Pearson's coefficient leads me to believe
that there is not much similar between spatial autocorrelation and the
Pearson's coefficient. 
Pearson's coefficient measures the relation between two variables on the
same object. 
Spatial autocorrelation, on the other hand, measures the correlation between
the instances of the effect under measurement (in my case, instances of worm
occurrences) with respect to 2-D space. We considered geographical and
topological orientations for the space. 
My work was more focused on helping to predict the spread of a worm.
Actually bringing it into implementation will involve multiple
characteristics coming into play including some you mentioned. However
during design of the implementation product, I concentrated on network level
issues for detection of an intrusion: dramatic rise of traffic on a port,
high number of small transmissions from outside networks, etc. We also
thought about opening a second "emergency" line of communication to a global
warning source such as CERT, D-shield, etc. 
Rishi

-----Original Message-----
From: Ed Donegan [mailto:danceslikewhiteguy () hotmail com] 
Sent: Wednesday, June 02, 2004 7:13 PM
To: rpande () vt edu; thiagoguzella () yahoo com br
Cc: focus-ids () securityfocus com; uzurutuza () eps mondragon edu;
TheTom () UnixIsNot4Dummies ORG; clint () secureconsulting com;
stefano.zanero () ieee org; whitty () reeve com; mark.runion () us army mil
Subject: Re: Suggestions

I wasn't able to drag down the PDF yet, but I presume it used the pearson 
product moment correlation co-efficient?  Mots embarassig, I posted the 
wrong version earlier, more verbose, less technical, but does this technique

use multiple data points to describe an event (ie proccess launched, files 
touched,) then measure the "goodness of fit" to the event and the data 
points in a correlation co-efficient?  This is what I believe is the more 
technicial definition of correlation lays, but as far as tayloring it for 
utility, I have seen numerous variations.


> From: Rishikesh Pande <rpande () vt edu>
> To: Thiago dos Santos Guzella <thiagoguzella () yahoo com br>
> CC: focus-ids () securityfocus com, 
> uzurutuza () eps mondragon edu,TheTom () UnixIsNot4Dummies ORG, 
> clint () secureconsulting com,stefano.zanero () ieee org, whitty () reeve com, 
> mark.runion () us army mil
> Subject: Re: Suggestions
> Date: Sat, 29 May 2004 16:05:53 -0400
>
> You may want to take a look at my thesis 
> (http://scholar.lib.vt.edu/theses/available/etd-05182004-085925/). I used 
> spatial autocorrelation- a measure from plant epidemiology to look at the 
> spread of computer network worms. The thesis is kind of long , but you may 
> want to read the Introduction and then skip over to chapter 4. If you can 
> wait a month or so, I am presenting some of my work at SANSFIRE- Monterey.
>       Rishi
>
>
> ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------

_________________________________________________________________
Get fast, reliable Internet access with MSN 9 Dial-up - now 3 months FREE! 
http://join.msn.click-url.com/go/onm00200361ave/direct/01/


---------------------------------------------------------------------------

---------------------------------------------------------------------------


---------------------------------------------------------------------------

---------------------------------------------------------------------------